Trend Micro announces next generation of deep threat management system

 Trend Micro announces next generation of deep threat management system

Trend Micro has announced Deep Discovery, the third generation of their Threat Management Solution, which delivers breakthrough features and performance designed to help large Enterprise and Government organizations combat advanced persistent threats and targeted attacks.”It is the third generation of our deep threat management system, but is different in the way it delivers value, and is so new that we wanted to rename the product,” said Kevin Faulkner, director of product marketing at Trend Micro. “We have redesigned things from the ground up, so we get three times the performance from Deep Discovery as compared to the Threat Management system.”

Trend Micro says almost everything is new here, beginning with enhanced threat detection engines and multi-level correlation rules to minimize false positives

“We have expanded the threat detection engines and correlation rules to determine document exploit detection, such as an exploit in a JPEG or an Adobe document — purports to be an internal report,” Faulker said. “We are not looking to see if its a falsified email but looking at content to determine if it’s malicious. Once it passes a test to see if it really IS from Wells Fargo, for instance, or it is a bogus sender, that’s where the technology really kicks in, to see if it is malicious.”

Faulkner said there is one other major thing that is different in the detection engine.

“It’s not just looking for malware but for human attacker behavior, which open a backdoor once they infect the system,” Faulkner said. “It’s based on heuristic rules. This is something the earlier generation didn’t focus on.

The sandboxing capability is also very different.

“It lets a file that might contain malware execute in a virtual environment where it does no harm, but we can observe it,” Faulkner said “It allows us to take a suspicious specimen or known malicious one and put it under a microscope to see what it is trying to do.”

“This is new, because we had only used it in back-end processing before,” Faulkner said. “We had talked about it being used like this, but had not delivered it.”

The management console is also different here. It provides real-time threat visibility and deep analysis in an intuitive multi-level format that facilitates focusing on the real risks, performing deep forensic analysis, and rapidly implementing containment and remediation procedures. The Threat Analysis Dashboard features quick access widgets, in-depth threat profiling, and geo-location of malicious communication. Watch List capability closely monitors high severity threats and high value assets. And a Threat Connect portal provides direct access to TrendLabs intelligence for a specific attack or malware.

Trend Micro expects the new version of this product will open up new markets among very large companies and government.

“Our old sweet spot was small and medium sized enterprises — the 1000-5000 range — but this expands our target market to larger customers and government,” Faulkner said. “They want the sandbox and the capacity because they have multi gigabit networks, and this can scale to infinity and beyond.”

This will also be available as a software appliance so it can be used by customer or partner who deals with a different hardware vendor. Trend Micro uses Dell.

“We are also seeing a lot of interest from customers and partners in offering this as a virtual appliance,” Faulkner said.

“The new name — Discovery — also reflects an area we see ourselves going in in the future,” Faulkner said. “They include things that are not a threat directly, but which could be interesting and valuable to a customer, like data loss detection, or unencrypted data existing the company.”

“Another new development later in 2012 will be mobile device identification and tracking,” he said. “The basic detection ability is in it now.”

Trend Micro Deep Discovery is in beta now, with general availability planned in April.

Leave a Reply

Your email address will not be published. Required fields are marked *


6 + = 8

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>